Lucene search
Veracode Vulnerability DatabaseVERACODE:41094HistoryJun 30, 2023 - 10:07 p.m.
Arbitrary Code Execution
2023-06-3022:07:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
arbitrary code execution
configuration injection
vulnerability
improper checks
parameter
base.py
jcvi
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.1%
jcvi is vulnerable to configuration injection. The vulnerability is due to improper checks in the path parameter of apps/base.py, which allows an attacker to inject arbitrary configurations, possibly resulting in arbitrary code execution.
References
Related
cve
cve
CVE-2023-35932
2023-06-23 22:15:08
osv
osv
CVE-2023-35932
2023-06-23 22:15:08
jcvi vulnerable to Configuration Injection due to unsanitized user input
2023-06-23 21:44:35
prion
prion
Command injection
2023-06-23 22:15:00
github
github
jcvi vulnerable to Configuration Injection due to unsanitized user input
2023-06-23 21:44:35
nvd
nvd
CVE-2023-35932
2023-06-23 22:15:08
cvelist
cvelist
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
48.1%
Related for VERACODE:41094